To print: Select File and then Print from your browser's menu.
-----------------------------------------------
This story was printed from CdrInfo.com,
located at http://www.cdrinfo.com.
-----------------------------------------------

A security feature that protects confidential e-mail messages from being intercepted and read by third parties e-mail encryption has been around since the early days of e-mail, but is still ignored by most users.

News that a cracker had gained access to bank accounts with balances totaling more than US$500,000 after installing snooping software at an Internet cafe has shocked users into understanding the fundamental concepts of defensive computing: prevention and protection.

Internet cafes have always been a security disaster waiting to happen, but the risk of users unwittingly handing over crucial confidential banking information to wily criminals has shot up as people increasingly log on to their banks rather than legging it into their branch.

The cracker used a widely available key-logging program to record every keystroke typed on a computer when a bank's Web address, customer ID and password were entered.

A less sophisticated crime than fraud using Trojans and spoofed Web sites, it apparently took the criminal three minutes to install the malicious software; after that the computer automatically and imperceptibly e-mailed snooped information to a designated e-mail account.

While using a publicly accessible or shared computer such as those in Internet cafes or even in a work environment increases the risk of identity and information theft, as soon as you acquire a PC , Internet connection and complementary programs, you are a target of random and relentless security attacks.

Although being a target is inescapable, you don't have to be a victim. Defensive-computing practices can at the very least limit your risk profile, while allowing you to continue using the Internet.

In the blink of an eye, compared to the historical transition from one technology to another, e-mail has grown from being a fringe application to the most widely used communications medium of our time.

From love letters to birthday cards and from Dear John letters to hate mail, e-mail owes its success to high-speed and low-cost delivery as much as it does to standardization and flexibility.

A security feature that protects confidential e-mail messages from being intercepted and read by third parties -- e-mail encryption -- has been around since the early days of e-mail, but is still largely ignored by most users.

However, the shift in behavior away from mass-computer viruses to potentially more devastating identity-theft crimes, such as phishing, have helped raise the profile of this defensive practice.

The concept is simple: the encryption process uses a special pattern to scramble the contents of a message during transit so that even if it is intercepted, it cannot be read. Once it arrives at the intended recipient, the same pattern is used to descramble the contents.

Often called keys, the sender obviously needs to give recipients the means to unlock the pattern and restore the contents to their original unencrypted state.

The most common encryption standard used by e-mail programs is known as open PGP , which when used properly, cannot be unlocked by crackers.

Because e-mail encryption establishes a trustworthy standard of confidentiality, mandating secure e-mail for external partners is fast becoming a common business practice, with companies worldwide requiring incoming e-mail to be secured in this way.

Working hand-in-hand with digital signatures to produce a certificate of identity, the encryption process creates two keys -- a private key, which belongs to the holder of the encryption certificate, and a public key, which is used by recipients to unlock and read the message.

Using this system, an e-mail can be read only once the private and public keys are united, rendering it safe from the prying eyes of e-mail snoops and all but eliminating the risk of a cracker being able to use information intercepted in transit.

In today's online world of digital crime, defensive computing has come to mean much more than simply installing anti-virus software and switching on a firewall -- it requires good practices that collectively thwart the worst intentions of the unseen delinquent class.